Assistant has access to files from other assistants and threads

Hello guys and OpenAI devs especially! It’s for you first!

I found a bug: one of my assistants in a newly created thread refers to files uploaded in other threads. For my app, this means that a user can see files uploaded by other users, so it’s a serious security breach.

I immediately deleted all the files from the assistant in the ‘Assistants’ section on the OpenAI site. Then I created another assistant with no files and with the file retrieval tool enabled; right after, I asked it to list available files in the playground and it again listed these files! Even after I asked OpenAI to delete them (I can’t say ‘deleted’ because they actually weren’t). The Files section is empty for now. But any assistant I create somehow knows these file names, though it can’t access their contents (fortunately!).

So I just call on others to check whether you have these problems. Just suspend all features based on the Assistants API with files.

I also checked: file_ids is empty everywhere, even in the playground (“file_ids”: ).
I can easily reproduce it now in any newly created assistant on my account. But if you can’t reproduce the bug, I could provide my test assistant ID or help in any other way.

I attach a screenshot from playground where I reproduced it.

  • Created assistant
  • Asked it about accessible files
  • Got file names that I uploaded previously to OTHER assistants within this organization with thread-level visibility. It’s proven by the empty assistant file_ids and thread file_ids in the screenshot.
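A defender-side regression check for the isolation problem described in this report, added here as an example (this is not the poster’s code and not part of the OpenAI SDK). It works entirely offline on a constructed assistant reply: the developer knows which file IDs and names are attached to the assistant and to the thread, and the check flags any file name the model mentions that is outside that set, which is exactly the symptom the poster observed (names of files from other threads showing up). All IDs, file names and the reply text below are constructed placeholders.

```python
import re

# Constructed sample scope: file ids -> names the developer attached to this
# assistant and to this thread (hypothetical ids, not real OpenAI file ids).
ASSISTANT_FILES = {"file-placeholder-1": "pricing_2023.pdf"}
THREAD_FILES = {"file-placeholder-2": "user_upload_q4.csv"}

# Constructed reply, standing in for what the playground returned when asked
# to list accessible files. The .docx is NOT in either scope above.
SAMPLE_REPLY = (
    "I can access pricing_2023.pdf, user_upload_q4.csv and "
    "internal_notes_v2.docx. Let me know which one to read."
)

# Matches bare file names with common document extensions.
FILENAME_RE = re.compile(
    r"\b[\w\-]+\.(?:pdf|txt|csv|json|docx|md)\b", re.IGNORECASE
)


def allowed_names(assistant_files, thread_files):
    """Union of the file names the assistant may legitimately see."""
    return set(assistant_files.values()) | set(thread_files.values())


def find_unexpected_filenames(reply, allowed):
    """Return file names mentioned in `reply` that are outside `allowed`.

    An empty list means the reply only referenced files in scope; any
    entry is a potential cross-thread / cross-user leak to investigate.
    """
    mentioned = set(FILENAME_RE.findall(reply))
    return sorted(name for name in mentioned if name not in allowed)


def scope_is_isolated(reply, assistant_files, thread_files):
    """Convenience predicate for use in a test suite."""
    return not find_unexpected_filenames(
        reply, allowed_names(assistant_files, thread_files)
    )


if __name__ == "__main__":
    leaked = find_unexpected_filenames(
        SAMPLE_REPLY, allowed_names(ASSISTANT_FILES, THREAD_FILES)
    )
    print("unexpected file names:", leaked)  # -> ['internal_notes_v2.docx']
```

Wire `scope_is_isolated` into a test that creates a fresh assistant and thread with a known file set, asks it to list accessible files, and feeds the reply through the check; the regex is deliberately limited to file names, so a reply that merely discusses a topic from another document without naming it will not be caught.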

I can’t find the right thread anymore, but some user also reported that custom GPT files are available to the assistants, or vice versa. I can’t confirm this (I can’t find the thread anymore - maybe I was hallucinating :laughing: ), but there seems to be a lot of confusion around this in general :confused:

I can confirm that this is not true. The only files that assistants have access to are the ones you give them.

I don’t know… I’ve tried to make it do that and can’t succeed.

Also, I’d like to add that I suggest this bug is a tricky one. It seems a developer needs to perform a certain set of actions to ‘create’ this problem. As I see it, my assistants don’t mention all the files that I uploaded, and not even the latest ones. Also, my assistants don’t mention my users’ files, only mine that were uploaded during development. So it might not be a problem for everyone, if there aren’t many people reporting the same problem. But maybe others just don’t care about so few bug cases, or don’t see the bug because it’s not so direct and obvious.